Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Copy csv file to a shared location

ashrafshareeb
Path Finder
‎07-25-2019 07:36 AM

Hi All,

I have a user use-case which is to generate an csv file (we used | outputcsv ) and the file got generated in
/app/splunk/rel/var/run/splunk/csv/filename.csv. This file needs to be moved into a shared path like \location\of\shared\path

Is there a script to copy file from unix server to a shared drive, if there is any please do share. If it is not possible to copy to shared path please do let me know. I'm thinking of using it as alert action as script to call a script to copy once the .csv file gets generated.

Any suggestions!

0 Karma
Reply

vnguyen46
Contributor
‎04-22-2020 09:48 AM

Hi - I have the same need. Have you figured out how to make it work? Please share.
Thanks,

0 Karma
Reply

to4kawa
Ultra Champion
‎04-22-2020 02:08 PM

Try to make apps.
In apps, outputlookup make csv at $SPLUNK_HOME/etc/apps/appsname/lookups.

directory permition could be modified,I guess.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎07-25-2019 12:23 PM

As the documentation says, the outputcsv command will only write files in the one location. This is protect your system from rogue queries. If you need the CSV file in another location then you'll need to either create a shell script triggered by cron or a Splunk external command appended to your query (... | outputcsv filename.csv | script moveCSV). See "About writing custom search commands" at https://docs.splunk.com/Documentation/Splunk/7.3.0/Search/Aboutcustomsearchcommands.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...